From owner-freebsd-sparc64@FreeBSD.ORG Mon Jul 21 08:00:34 2003
Return-Path:
Delivered-To: freebsd-sparc64@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2618937B401
	for ; Mon, 21 Jul 2003 08:00:34 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6D6F143F3F
	for ; Mon, 21 Jul 2003 08:00:32 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h6LF0WUp034141
	for ; Mon, 21 Jul 2003 08:00:32 -0700 (PDT)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h6LF0WPl034140;
	Mon, 21 Jul 2003 08:00:32 -0700 (PDT)
Resent-Date: Mon, 21 Jul 2003 08:00:32 -0700 (PDT)
Resent-Message-Id: <200307211500.h6LF0WPl034140@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-sparc64@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Roderick van Domburg
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DFA3137B404
	for ; Mon, 21 Jul 2003 07:53:51 -0700 (PDT)
Received: from netlx014.civ.utwente.nl (netlx014.civ.utwente.nl [130.89.1.88])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4190A43F85
	for ; Mon, 21 Jul 2003 07:53:50 -0700 (PDT)
	(envelope-from roderick@stud187236.mobiel.utwente.nl)
Received: from stud187236.mobiel.utwente.nl (stud187236.mobiel.utwente.nl [130.89.187.236])
	h6LErgi15949
	for ; Mon, 21 Jul 2003 16:53:42 +0200
Received: from stud187236.mobiel.utwente.nl (localhost [127.0.0.1])
	h6LEr763004074
	for ; Mon, 21 Jul 2003 16:53:07 +0200 (CEST)
	(envelope-from roderick@stud187236.mobiel.utwente.nl)
Received: (from roderick@localhost)
	h6LEr2n4004073;
	Mon, 21 Jul 2003 16:53:02 +0200 (CEST)
	(envelope-from roderick)
Message-Id:
	<200307211453.h6LEr2n4004073@stud187236.mobiel.utwente.nl>
Date: Mon, 21 Jul 2003 16:53:02 +0200 (CEST)
From: Roderick van Domburg
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Subject: sparc64/54712: ``ipfw: getsockopt(IP_FW_ADD): Bad address'' on sparc64
X-BeenThere: freebsd-sparc64@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting FreeBSD to the Sparc
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 21 Jul 2003 15:00:34 -0000

>Number:         54712
>Category:       sparc64
>Synopsis:       ``ipfw: getsockopt(IP_FW_ADD): Bad address'' on sparc64
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    freebsd-sparc64
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 21 08:00:31 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Roderick van Domburg
>Release:        FreeBSD 5.1-CURRENT sparc64
>Organization:
University of Twente
>Environment:
System: FreeBSD stud187236.mobiel.utwente.nl 5.1-CURRENT FreeBSD 5.1-CURRENT #1: Mon Jul 21 16:15:59 CEST 2003 roderick@stud187236.mobiel.utwente.nl:/usr/obj/usr/src/sys/E250 sparc64

>Description:
After having updated to July 21 sources, ipfw complains when adding
firewall rules: ``ipfw: getsockopt(IP_FW_ADD): Bad address''.

ipfw is loaded as a module in rc.firewall. Relevant rc.firewall, rc.conf
and KERNCONF bits follow.

>How-To-Repeat:
== Relevant rc.firewall bits ==

[Cc][Ll][Ii][Ee][Nn][Tt])
	############
	# This is a prototype setup that will protect your system somewhat
	# against people from outside your own network.
	############

	# set these to your network and netmask and ip
	net="130.89.191.255"
	mask="255.255.224.0"
	ip="130.89.187.236"

	setup_loopback

	# Allow any traffic to or from my own net.
	${fwcmd} add pass all from ${ip} to ${net}:${mask}
	${fwcmd} add pass all from ${net}:${mask} to ${ip}

	# Allow TCP through if setup succeeded
	${fwcmd} add pass tcp from any to any established

	# Allow IP fragments to pass through
	${fwcmd} add pass all from any to any frag

	# Allow setup of incoming secure shells
	${fwcmd} add pass tcp from any to ${ip} 22 setup

	# Allow setup of incoming email
	#${fwcmd} add pass tcp from any to ${ip} 25 setup

	# Allow setup of incoming HTTP connections
	${fwcmd} add pass tcp from any to ${ip} 80 setup

	# Allow setup of outgoing TCP connections only
	${fwcmd} add pass tcp from ${ip} to any setup

	# Disallow setup of all other TCP connections
	${fwcmd} add deny tcp from any to any setup

	# Allow DNS queries out in the world
	${fwcmd} add pass udp from ${ip} to any 53 keep-state

	# Allow NTP queries out in the world
	${fwcmd} add pass udp from ${ip} to any 123 keep-state

	# Everything else is denied by default, unless the
	# IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
	# config file.
	;;

== Relevant rc.conf bits ==

hostname="stud187236.mobiel.utwente.nl"
ifconfig_hme0="inet 130.89.187.236 netmask 255.255.224.0"
defaultrouter="130.89.160.1"
firewall_enable="YES"
firewall_type="client"

== E250 KERNCONF ==

machine		sparc64
cpu		SUN4U
ident		E250

options 	OFW_NEWPCI

options 	SCHED_4BSD		#4BSD scheduler
options 	INET			#InterNETworking
options 	FFS			#Berkeley Fast Filesystem
options 	SOFTUPDATES		#Enable FFS soft updates support
options 	UFS_DIRHASH		#Improve performance on big directories
options 	COMPAT_43		#Compatible with BSD 4.3 [KEEP THIS!]
options 	SCSI_DELAY=5000		#Delay (in ms) before probing SCSI
options 	SYSVSHM			#SYSV-style shared memory
options 	SYSVMSG			#SYSV-style message queues
options 	SYSVSEM			#SYSV-style semaphores
#options 	_KPOSIX_PRIORITY_SCHEDULING #Posix P1003_1B real-time extensions

# Standard busses
device		ebus
device		pci

# SCSI Controllers
device		sym		# NCR/Symbios Logic (newer chipsets + those of `ncr')

# SCSI peripherals
device		scbus		# SCSI bus (required)
device		da		# Direct Access (disks)
device		cd		# CD

device		ofw_console	# OpenBoot firmware console device

# Builtin hardware
device		genclock	# Generic clock interface
device		eeprom		# eeprom (really an ebus driver for the MK48Txx)
device		"mk48txx"	# Mostek MK48T02, MK48T08, MK48T59 clock

# PCI Ethernet NICs that use the common MII bus controller code.
device		miibus		# MII bus support
device		hme		# Sun HME (Happy Meal Ethernet)

# Pseudo devices - the number indicates how many units to allocated.
device		random		# Entropy device
device		loop		# Network loopback
device		ether		# Ethernet support
device		pty		# Pseudo-ttys (telnet etc)

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
device		bpf		#Berkeley packet filter

# RANDOM_IP_ID causes the ID field in IP packets to be randomized
# instead of incremented by 1 with each packet generated. This
# option closes a minor information leak which allows remote
# observers to determine the rate of packet generation on the
# machine by watching the counter.
options 	RANDOM_IP_ID

# Statically Link in accept filters
options 	ACCEPT_FILTER_HTTP

>Fix:
Unknown.
>Release-Note:
>Audit-Trail:
>Unformatted: